Data of over one million WordPress GoDaddy customers leaked

Get a free Techzine subscription!

Web host GoDaddy was hit by a major data leak, affecting some 1.2 million of the Managed WordPress hosting environment’s customers.

According to hosting provider GoDaddy, hackers gained access to the Managed WordPress environment using a misappropriated password. The setup environment of the codebase for the managed WordPress environment was compromised.

Passwords captured

The hackers accessed data of as many as 1.2 million active and inactive users of GoDaddy’s WordPress service. This includes email addresses, telephone numbers and users’ managed WordPress admin passwords. The SFTP and database user names and passwords were captured as well. Lastly, SSL private keys were compromised, albeit on a smaller scale than the data mentioned afore.

Remedial measures

GoDaddy has since taken measures to limit the impact of the attack. The leak was clogged. In addition, the hosting provider has reset SFTP, database and admin usernames and passwords. Customers with leaked SSL private keys will receive new certificates. GoDaddy advises affected customers to watch for possible phishing attacks.